Sunday, 1 February 2004

More illegal USA advance snooping in EU PNR data leads to more flight cancellations

Yet again yesterday flights from the European Union to the USA have been cancelled at the orders of the USA Department of Homeland Security on the basis of information illegally obtained by the DHS from European airline reservations.

A month ago, when last this happened, it was later widely reported to have resulted from the perceived similarity of a name on a passenger manifest, "Abdul Haye Mohammad Illyas", to the name of a suspect wanted by the USA, "Maulvi Abdul Hai". That was enough, in the eyes (or perhaps ears) of the DHS to warrant cancelling flights on that route for several days.

Agence France-Press explains what happened next:

The suspicions of international intelligence agencies seemed confirmed when Illyas failed to show up for the flight to Los Angeles [on December 24], which was ultimately canceled at the request of Washington due to fears of an attack.

A similar alert was re-issued by Air France on January 7, informing the U.S. and French intelligence that Illyas was booked on Paris-Los Angeles flight four days later.

He had been expected to land in Paris January 7 on an Air France flight from Bombay and had a reservation on January 11 for a flight to Los Angeles.

But this time too, Illyas failed to arrive at Charles de Gaulle airport in Paris where French police were waiting for him to check his identity....

According to the Indian Express newspaper, Illyas had won frequent flier tickets for travel on the Paris-Los Angeles sector. When Air France asked him for his dates of travel, Illyas randomly chose December 24 without really intending to use the ticket [on that date].

As the Hindustan Times editorialized :

Notoriously insular and apathetic about any culture that doesn't emanate from their backyard, Americans have transformed themselves into a nation that is prepared to shoot at the enemy, but without knowing who the enemy is. In the process, more and more cases suggest that the "enemy" may have become anyone with a "Middle-Eastern appearance" and/or with an Islamic nomenclature. Which is a bit like thinking that every Fritz or Otto or Adolf is a neo-Nazi....

What was strange was that even after initial fact-checking with Indian intelligence agencies -- which pointed out that the suspect was a bona fide leather exporter who was a frequent traveller -- the Americans were still intent on believing otherwise. It's just as well that the rest of the world is a bit more clued in on cultures other than their own. Otherwise, who knows, we would have been extremely suspicious of Anglo-Saxon names that could have links with the Ku Klux Klan or the IRA or the Baader-Meinhof or the Red Brigade or...

Yesterday, flights scheduled for today and Monday were cancelled, once again on the basis of names on reservations. The New York Times cited unnamed "officials" in reference to what names did or didn't appear on "passenger lists" for the cancelled flights, while the Guardian similarly says that, "US authorities were understood to be scouring UK passenger lists for future flights from London to America as attempts were made to see if more flights will be grounded in the coming days." And Agence France-Press likewise reports that, "the US Federal Bureau of Investigation found names on passenger lists."

Reinforcing continued concern about the differential treatment by the USA of USA-based and foreign airlines, and its impact as trade protectionism, The Guardian also quoted an "industry source" as saying, "There is a widespread and deep-held concern among British pilots that America is using these intelligence reports for its own commercial ends, maybe to even protect the very survival of its airlines," i.e. by raising alarms about foreign airlines to frighten timid American into deciding to "fly American".

Regardless of what name showed up in a reservation this time, the question remains whether it was legal for the USA authorities on Saturday to be reviwing PNR's for Sunday and Monday flights from the European Union and perhaps other countries.

The simple and obvious answer is that it wasn't legal, and wouldn't be even if the proposed USA-EU agreement were to be approved in its present form.

The USA-EU agreement hasn't been finalized, but January 2004 drafts I've seen rely on one or both of two exceptions to the EU data protection directive and code of conduct for computerized reservation services : that passengers have consented to having their reservations given to the USA, and/or that the data is required by USA law.

But neither is true, as this weekend's events show.

People could have made reservations for these flights as much as 11 months to a year ago, long before any airline started warning passengers about USA government demands for reservations.

Since British Airways, like several other airlines, no longer requires reconfimation of reservations on flights to and from the USA, the first time these people could possibly be asked for their consent to give their reservations to the government of the USA would be when they check in. And if, like the ill-fated Mr. Illyas, they don't check in, they will never be asked for their consent, but their cancelled PNR's will still be included, and accessible to the USA, along with the "live" PNR's for passengers on the flight.

Even if an airline ordered all its agents to obtain consent for government access to reservations before they are allowed to make reservations -- something none has yet done -- it would be another full year before everyone holding a reservation could be assumed to have given their consent.

As for the requirement of USA law, that is clearly limited (even assuming that it would withstand Comnstitutional challenge) to information concerning passengers . Mr. Illyas is an excellent example of how common it is for people to hold reservations on flights on which they don't end up travelling. But in his case, the government got his reservations, and made him an unwittingly wanted man, well before he had become an actual passenger.

So any government access to reservations prior to the completion of check-in, or for those no-show or cancelled names who don't check in and consent, inevitably will scoop up in its dragnet personal information about people:

  1. Who aren't yet, and might never become, "passengers";
  2. Whose information, since they aren't passengers, isn't required by USA law; and
  3. From whom there has not yet been any opportunity to ask for, much less obtain, consent.

But that's _exactly what did happen yesterday, when flights were cancelled for Monday, 48 hours in advance, on the basis of information in European reservations (illegally) turned over to the USA.

That should give pause to European authorities who have been planning to rely on consent and the compulsion of USA law to excuse their departure from their own laws. And Canadian law, as I discussed yesterday , is similiarly limited to information "relating to persons on board or expected to be on board the aircraft and that is required by the laws of the foreign state."

Both Canadian and EU authorities need to make sure that, in order to provide an opprtunity for consent and to ensure that the data in limited to that which is actually required by USA laws (which only cover passengers, not other data subjects), no reservation data is available to the USA government until the passenger list is finalized, which is when the plane takes off -- "wheels up".

Link | Posted by Edward on Sunday, 1 February 2004, 12:34 (12:34 PM) | TrackBack (2)
Comments
Post a comment









Save personal info as cookie?